For Jailbreak Users: How To Fix Spectre Vulnerability In iOS 11.1.2 And Below Using SpectrePatch

Apple has officially released iOS 11.2.2 for all compatible iPhone, iPad, and iPod touch hardware, complete with security improvements put in place to mitigate the effects of Spectre through Safari and WebKit.

Hardcore jailbreakers, who simply cannot move away from iOS 11.1.2 or below, will obviously miss out on this important security update, which is why Ryley Angus has created SpectrePatch for jailbroken devices.

It’s probably worth noting for anyone who doesn’t particularly care about a jailbreak that Apple has officially released iOS 11.2.2 as an over-the-air update or IPSW download to counteract the Spectre issue. Installing this official security update immediately will mitigate it. However, that doesn’t help those with one eye firmly fixed on being jailbroken.

This tiny patch, which is called SpectrePatch and is available through the repository detailed below, will essentially look to stop any Spectre-type attacks on iOS. The developer states that, once installed, the package is loaded “into all WebKitContent process by default, as well as all apps,” meaning that protection applies immediately. However, there is a stipulation that SpectrePatch will “not prevent native code Spectre attacks.”

The package itself seems to work by taking away an attacker’s ability to precisely measure time differences by overriding the performance.now() function in JavaScript. It seems that the creator of the package is hooking directly into the function and changing its behavior to only allow time differences to be measured to approximately 100 microseconds, which makes it much harder, if not impossible, for any would-be attackers to exploit Spectre in this manner.
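The coarsening idea described above can be sketched in JavaScript. This is an added illustration, not SpectrePatch's own code; `coarsenTimer`, `makeFakeClock` and `measure` are hypothetical names, and the clock is a constructed stand-in so the output is deterministic.

```javascript
// Added illustration: clamp a now()-style timer to a coarse grid.
// 0.1 ms (100 microseconds) is the resolution quoted in the article.
const RESOLUTION_MS = 0.1;

// Replace perf.now with a version rounded down to the grid (hypothetical helper).
function coarsenTimer(perf, resolutionMs = RESOLUTION_MS) {
  const originalNow = perf.now.bind(perf);
  perf.now = function coarseNow() {
    return Math.floor(originalNow() / resolutionMs) * resolutionMs;
  };
  return perf;
}

// Constructed stand-in for a high-resolution clock, so the result is deterministic.
function makeFakeClock(startMs) {
  return {
    t: startMs,
    now() { return this.t; },
    advance(ms) { this.t += ms; },
  };
}

// Time a simulated operation that lasts workMs, using the given clock.
function measure(clock, workMs) {
  const start = clock.now();
  clock.advance(workMs);
  return clock.now() - start;
}

// Compare a 2 us and a 20 us operation on the raw and the coarsened clock.
function demo() {
  const raw = makeFakeClock(1000.013);
  const coarse = coarsenTimer(makeFakeClock(1000.013));
  return {
    rawFast: measure(raw, 0.002),
    rawSlow: measure(raw, 0.020),
    coarseFast: measure(coarse, 0.002),
    coarseSlow: measure(coarse, 0.020),
  };
}

console.log(demo());
```

On the raw clock the two operations are clearly distinguishable; on the coarsened clock both read as 0, and any reading is either 0 or a whole number of 0.1 ms ticks.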

Anyone running a jailbroken device who is concerned about the potential exploitation of that device through Spectre can get SpectrePatch directly from the developer’s own personal Cydia repository. Jailbroken users can add https://ryleyangus.com/repo/ as a source to Cydia, refresh the packages, and download SpectrePatch directly to the device.

Ryley Angus, the developer, has also uploaded the raw code of his small package here for those who want to view exactly what’s going on or who would prefer to compile it themselves.
